If you want to get email notifications from Intezer about escalated threats, you can read more about setting up or customizing your email notification settings here.
This article will walk you through the process of integrating Intezer's Webhook functionality, enabling you to streamline the delivery of triage results. By leveraging webhooks, you can receive real-time notifications of triage results and enhance your incident response capabilities.
What Are Webhooks, and How Do They Benefit Triage and Threat Escalation?
Webhooks are a mechanism that allows instant communication between applications. They facilitate the transmission of data and notifications from one system to another when specific events occur. By using webhooks for triage results delivery, you can enjoy several benefits, including:
- Real-time Notifications: Receive immediate updates on triage results, ensuring prompt awareness of identified threats.
- Streamlined Incident Response: Leverage real-time data to expedite your incident response processes and mitigate risks efficiently for escalated threats.
When Does Intezer Send Webhook Messages?
Intezer's system automatically sends a webhook message when predefined criteria are met. By default, only unmitigated threats with high or critical risk levels are escalated via webhook.
Each organization has unique requirements, so you can customize the webhook settings and select additional risk levels to be notified about, aligning the integration with your specific needs. For example, you may select all risk levels in order to be notified on every triage result.
Message Format and Delivery
Intezer's system will send HTTP POST requests to the provided Webhook URL whenever a new triage result is available. The payload of the POST request will be in JSON format and will contain relevant information about the triage result.
Setting Up Intezer's Webhook Integration
To initiate the setup of the Webhook Integration, send an email to Intezer's support team at firstname.lastname@example.org. Include the following details:
- Webhook URL: Specify the URL where you want to receive triage results notifications. Ensure the endpoint is accessible and capable of handling incoming requests.
- Optional Authorization Header: If required, include an authorization header to authenticate the incoming requests and ensure secure communication.
In addition, if you wish to adjust the default notification criteria, you can specify this in the email request.
As you configure the Webhook integration, it is important to prioritize security. Here are some recommended security practices:
- Secure Connection: Use HTTPS for secure communication between Intezer and your endpoint.
- Authorization Header: Utilize an authorization header to validate the authenticity of the incoming notifications.
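As an added example (not Intezer's code, and not the documented payload schema), the following receiver implements the delivery described above: an HTTP POST with a JSON body, accepted only when the Authorization header matches a shared secret compared in constant time. The secret value and the payload field names are constructed placeholders; the documented fields are on the API docs page.

```python
import hmac
import json
from http.server import BaseHTTPRequestHandler, HTTPServer

# Assumed shared secret agreed with Intezer support and sent in the Authorization
# header of every webhook request (constructed placeholder, replace before use).
EXPECTED_AUTH = "Bearer replace-with-a-long-random-secret"


def verify_authorization(header_value):
    """Constant-time comparison of the Authorization header against the shared secret."""
    if header_value is None:
        return False
    return hmac.compare_digest(header_value.encode(), EXPECTED_AUTH.encode())


def process_payload(body):
    """Parse the JSON triage result. Returns (http_status, payload_dict_or_None);
    malformed or non-object bodies are rejected with 400."""
    try:
        payload = json.loads(body)
    except (ValueError, UnicodeDecodeError):
        return 400, None
    if not isinstance(payload, dict):
        return 400, None
    return 200, payload


def handle_webhook(headers, body):
    """Core handler: 401 on missing/bad Authorization, 400 on bad JSON, 200 otherwise.
    Authorization is checked before the body is parsed, so unauthenticated
    callers never reach the JSON parser."""
    if not verify_authorization(headers.get("Authorization")):
        return 401, None
    return process_payload(body)


class WebhookHandler(BaseHTTPRequestHandler):
    def do_POST(self):
        length = int(self.headers.get("Content-Length", 0))
        body = self.rfile.read(length)
        status, payload = handle_webhook(self.headers, body)
        if status == 200:
            # Hand the triage result to your incident-response pipeline here.
            self.log_message("triage result received: %s", json.dumps(payload)[:200])
        self.send_response(status)
        self.end_headers()


if __name__ == "__main__":
    # Terminate TLS in front of this (e.g. a reverse proxy) so the URL given to Intezer is HTTPS.
    HTTPServer(("127.0.0.1", 8080), WebhookHandler).serve_forever()
```

Requests that fail the Authorization check are answered with 401 and never parsed, which keeps an exposed endpoint from accepting forged triage results.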
💡 Learn more about the available fields on the API docs page.